
CVE-2026-42858 - Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint

CVSS 8.5 (High) · EPSS 0.03% · P10

Affected Version Matrix (1 entry)

Vendor    Product            Version Range                                      Status
openedx   openedx-platform   < 6fda1f120ff5a590d120ae1180185525f399c6d0         affected

I. Basic Information for CVE-2026-42858

Vulnerability Information


Vulnerability Title
Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint
Source: NVD (National Vulnerability Database)
Vulnerability Description
Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed directly to requests.get() in fetch_metadata_xml() without any URL validation, IP filtering, or scheme enforcement. An attacker with Enterprise Admin privileges can force the server to make HTTP requests to internal network services, cloud metadata endpoints (e.g., AWS 169.254.169.254), or other attacker-controlled destinations. This vulnerability is fixed by commit 6fda1f120ff5a590d120ae1180185525f399c6d0 and 70a56246dd9c9df57c596e64bdd8a11b1d9da054.
Source: NVD (National Vulnerability Database)
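The description above attributes the flaw to the absence of URL validation, IP filtering and scheme enforcement before requests.get(). The following is an added example, not Open edX code and not the content of the referenced fix commits, of the kind of check a defender would place in front of the fetch in a function like fetch_metadata_xml(): it enforces an https scheme, rejects embedded credentials, resolves the host, and refuses any answer that is loopback, link-local (which covers 169.254.169.254), private, multicast or otherwise non-public, including IPv4-mapped IPv6 forms. The ALLOWED_SCHEMES policy, the resolver injection, the constructed FAKE_DNS table and the hardened fetch_metadata_xml wrapper are assumptions made for this example.

```python
"""Added example: validating a user-supplied metadata_url before fetching it.
Defensive pattern only; not Open edX's implementation."""
import ipaddress
import socket
from urllib.parse import urlparse

# Assumption (policy chosen for this example): metadata is only fetched over TLS.
ALLOWED_SCHEMES = {"https"}


class UnsafeMetadataURL(ValueError):
    """Raised when a user-supplied metadata_url must not be fetched."""


def default_resolver(host):
    """Return every address the system resolver gives for host (A and AAAA)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_internal(addr):
    """True for any address that is not a routable public address."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        # ::ffff:169.254.169.254 must be judged as its embedded IPv4 address.
        return _is_internal(addr.ipv4_mapped)
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or not addr.is_global)


def validate_metadata_url(url, resolver=default_resolver):
    """Reject URLs that could reach internal services; return the parsed URL otherwise."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeMetadataURL(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise UnsafeMetadataURL("credentials in URL are not allowed")
    host = parsed.hostname
    if not host:
        raise UnsafeMetadataURL("URL has no host")
    try:
        addresses = [ipaddress.ip_address(host)]  # literal IPv4/IPv6 host
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            raise UnsafeMetadataURL(f"cannot resolve host {host!r}") from exc
    if not addresses:
        raise UnsafeMetadataURL(f"host {host!r} resolved to nothing")
    # Every answer must be public: a name that mixes a public and a private
    # record is rejected rather than trusting whichever record comes first.
    for addr in addresses:
        if _is_internal(addr):
            raise UnsafeMetadataURL(f"{host!r} resolves to non-public address {addr}")
    return parsed


def is_safe_metadata_url(url, resolver=default_resolver):
    """Boolean convenience wrapper around validate_metadata_url."""
    try:
        validate_metadata_url(url, resolver)
        return True
    except UnsafeMetadataURL:
        return False


def fetch_metadata_xml(url, resolver=default_resolver, timeout=10):
    """Hypothetical hardened fetch: validate first, then GET without following redirects."""
    validate_metadata_url(url, resolver)
    import requests  # imported here so the validator above stays dependency-free
    response = requests.get(url, timeout=timeout, allow_redirects=False)
    if response.is_redirect:
        # A redirect could point at an internal address; refuse instead of following.
        raise UnsafeMetadataURL(f"refusing redirect to {response.headers.get('Location')!r}")
    response.raise_for_status()
    return response.content


# Constructed DNS answers so the example runs offline (not real records).
FAKE_DNS = {
    "idp.example.org": ["93.184.216.34"],
    "rebind.example.org": ["93.184.216.34", "10.0.0.5"],  # mixed public/private answer
    "localhost": ["127.0.0.1"],
}


def fake_resolver(host):
    """Resolver that answers only from the constructed FAKE_DNS table."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"constructed resolver has no record for {host}")


if __name__ == "__main__":
    for candidate in ("https://idp.example.org/saml/metadata.xml",
                      "https://169.254.169.254/latest/meta-data/",
                      "https://rebind.example.org/metadata"):
        print(candidate, "->", "allowed" if is_safe_metadata_url(candidate, fake_resolver) else "rejected")
```

Validating at request time still leaves a resolve-then-connect window (DNS rebinding between the check and the actual socket connect). A complete mitigation pins the validated address when the connection is opened, or routes metadata fetches through an egress proxy that enforces the same allow-list; the redirect refusal above closes the other common bypass, where a public host answers with a 3xx to an internal address.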
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Server-Side Request Forgery (SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Open edX Platform code issue vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Open edX Platform is an open-source course management system (CMS) from Open edX. It can be used for MOOCs (massive open online courses) as well as for smaller courses and training modules. Open edX Platform has a code issue vulnerability: the sync_provider_data endpoint in SAMLProviderDataViewSet lets authenticated enterprise administrator users supply an arbitrary URL through the metadata_url parameter without URL validation, IP filtering or scheme enforcement, which may cause the server to issue HTTP requests to internal network services or cloud metadata endpoints.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor    Product            Affected Versions                                  CPE
openedx   openedx-platform   < 6fda1f120ff5a590d120ae1180185525f399c6d0         -

II. Public POCs for CVE-2026-42858

No public POC found.

III. Intelligence Information for CVE-2026-42858


Same patch batch (openedx, 2026-05-11, 3 CVEs in total); the other two:

CVE-2026-42860 (CVSS 8.5, High): Open edX Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint
CVE-2026-42857 (CVSS 4.6, Medium): Open edX Platform: Stored CSS Injection in Email Notifications via Incomplete HTML Sanitiz

IV. Related Vulnerabilities
